/**
 * 权限配置
 * 定义系统中所有的权限标识和权限分组
 */

/**
 * Permission group identifiers.
 *
 * In this file only `SYSTEM` and `MONITOR` are used as keys of
 * `PERMISSION_GROUP_MAP`; the remaining entries (`USER`, `ROLE`, `MENU`,
 * `DEPT`, `SETTINGS`) have no mapping here.
 * NOTE(review): presumably those are consumed elsewhere — confirm before
 * relying on them for grouping.
 */
export const PERMISSION_GROUPS = {
  SYSTEM: 'system',
  MONITOR: 'monitor',
  USER: 'user',
  ROLE: 'role',
  MENU: 'menu',
  DEPT: 'dept',
  SETTINGS: 'settings'
} as const

/**
 * Permission action names.
 *
 * Nothing else in this file references this table; the permission strings
 * below are written out as literals. Two actions that appear in those
 * literals, `resetPassword` and `forceLogout`, are not listed here, so this
 * table is not a complete enumeration of the actions in use.
 */
export const PERMISSION_ACTIONS = {
  VIEW: 'view',
  LIST: 'list',
  ADD: 'add',
  EDIT: 'edit',
  DELETE: 'delete',
  EXPORT: 'export',
  IMPORT: 'import',
  RESET: 'reset',
  CONFIG: 'config'
} as const

/**
 * Permission identifiers for the system-management area.
 *
 * Every value is a colon-separated string of the form
 * `system:<resource>:<action>`. Key order matters: `Object.values()` is
 * applied to this object further down, so the order of the derived arrays
 * follows the order of the entries here.
 *
 * Security note: every value in this object is granted to the `ADMIN` role
 * through `Object.values(SYSTEM_PERMISSIONS)` in `ROLE_PERMISSIONS`, so adding
 * an entry here widens that role without any further change.
 */
export const SYSTEM_PERMISSIONS = {
  // User management
  USER_LIST: 'system:user:list',
  USER_VIEW: 'system:user:view',
  USER_ADD: 'system:user:add',
  USER_EDIT: 'system:user:edit',
  USER_DELETE: 'system:user:delete',
  USER_EXPORT: 'system:user:export',
  USER_IMPORT: 'system:user:import',
  USER_RESET_PASSWORD: 'system:user:resetPassword',
  
  // Role management
  ROLE_LIST: 'system:role:list',
  ROLE_VIEW: 'system:role:view',
  ROLE_ADD: 'system:role:add',
  ROLE_EDIT: 'system:role:edit',
  ROLE_DELETE: 'system:role:delete',
  ROLE_EXPORT: 'system:role:export',
  
  // Menu management
  MENU_LIST: 'system:menu:list',
  MENU_VIEW: 'system:menu:view',
  MENU_ADD: 'system:menu:add',
  MENU_EDIT: 'system:menu:edit',
  MENU_DELETE: 'system:menu:delete',
  
  // Department management
  DEPT_LIST: 'system:dept:list',
  DEPT_VIEW: 'system:dept:view',
  DEPT_ADD: 'system:dept:add',
  DEPT_EDIT: 'system:dept:edit',
  DEPT_DELETE: 'system:dept:delete',
  
  // System settings
  SETTINGS_VIEW: 'system:settings:view',
  SETTINGS_EDIT: 'system:settings:edit',
  SETTINGS_EXPORT: 'system:settings:export',
  SETTINGS_IMPORT: 'system:settings:import',
  SETTINGS_RESET: 'system:settings:reset',
  
  // System configuration
  CONFIG_VIEW: 'system:config:view',
  CONFIG_EDIT: 'system:config:edit'
} as const

/**
 * Permission identifiers for the monitoring area, of the form
 * `monitor:<resource>:<action>`.
 *
 * Security note: `ONLINE_FORCE_LOGOUT`, `LOGINLOG_DELETE` and `OPERLOG_DELETE`
 * presumably gate terminating sessions and deleting login / operation log
 * records (inferred from the names — confirm against the backend). Log
 * deletion affects the audit trail, so these should stay narrowly granted; in
 * this file only `SUPER_ADMIN` receives them.
 */
export const MONITOR_PERMISSIONS = {
  ONLINE_LIST: 'monitor:online:list',
  ONLINE_FORCE_LOGOUT: 'monitor:online:forceLogout',
  LOGINLOG_LIST: 'monitor:loginlog:list',
  LOGINLOG_EXPORT: 'monitor:loginlog:export',
  LOGINLOG_DELETE: 'monitor:loginlog:delete',
  OPERLOG_LIST: 'monitor:operlog:list',
  OPERLOG_EXPORT: 'monitor:operlog:export',
  OPERLOG_DELETE: 'monitor:operlog:delete'
} as const

/**
 * Union of every permission defined in this file.
 *
 * Built by spreading `SYSTEM_PERMISSIONS` and then `MONITOR_PERMISSIONS`; if
 * the two objects ever share a key name, the monitor entry would silently
 * replace the system one. The key names do not overlap at present.
 */
export const ALL_PERMISSIONS = {
  ...SYSTEM_PERMISSIONS,
  ...MONITOR_PERMISSIONS
} as const

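/**
 * Maps a permission group to its display name and the permissions it contains.
 *
 * Every value of `SYSTEM_PERMISSIONS` is listed under the system group and
 * every value of `MONITOR_PERMISSIONS` under the monitor group, so any
 * permission defined in this file resolves to a group.
 *
 * The lists are maintained by hand: a permission added to one of the source
 * objects must also be added here, otherwise group lookups return nothing for
 * it and any screen that enumerates permissions by group will not show it.
 * That matters most for sensitive rights such as password reset, which should
 * be visible wherever grants are reviewed.
 */
export const PERMISSION_GROUP_MAP = {
  [PERMISSION_GROUPS.SYSTEM]: {
    name: '系统管理',
    permissions: [
      SYSTEM_PERMISSIONS.USER_LIST,
      SYSTEM_PERMISSIONS.USER_VIEW,
      SYSTEM_PERMISSIONS.USER_ADD,
      SYSTEM_PERMISSIONS.USER_EDIT,
      SYSTEM_PERMISSIONS.USER_DELETE,
      // Previously missing from the group: export / import / password reset.
      SYSTEM_PERMISSIONS.USER_EXPORT,
      SYSTEM_PERMISSIONS.USER_IMPORT,
      SYSTEM_PERMISSIONS.USER_RESET_PASSWORD,
      SYSTEM_PERMISSIONS.ROLE_LIST,
      SYSTEM_PERMISSIONS.ROLE_VIEW,
      SYSTEM_PERMISSIONS.ROLE_ADD,
      SYSTEM_PERMISSIONS.ROLE_EDIT,
      SYSTEM_PERMISSIONS.ROLE_DELETE,
      // Previously missing from the group: role export.
      SYSTEM_PERMISSIONS.ROLE_EXPORT,
      SYSTEM_PERMISSIONS.MENU_LIST,
      SYSTEM_PERMISSIONS.MENU_VIEW,
      SYSTEM_PERMISSIONS.MENU_ADD,
      SYSTEM_PERMISSIONS.MENU_EDIT,
      SYSTEM_PERMISSIONS.MENU_DELETE,
      SYSTEM_PERMISSIONS.DEPT_LIST,
      SYSTEM_PERMISSIONS.DEPT_VIEW,
      SYSTEM_PERMISSIONS.DEPT_ADD,
      SYSTEM_PERMISSIONS.DEPT_EDIT,
      SYSTEM_PERMISSIONS.DEPT_DELETE,
      SYSTEM_PERMISSIONS.SETTINGS_VIEW,
      SYSTEM_PERMISSIONS.SETTINGS_EDIT,
      SYSTEM_PERMISSIONS.SETTINGS_EXPORT,
      SYSTEM_PERMISSIONS.SETTINGS_IMPORT,
      SYSTEM_PERMISSIONS.SETTINGS_RESET,
      SYSTEM_PERMISSIONS.CONFIG_VIEW,
      SYSTEM_PERMISSIONS.CONFIG_EDIT
    ]
  },
  [PERMISSION_GROUPS.MONITOR]: {
    name: '系统监控',
    permissions: [
      MONITOR_PERMISSIONS.ONLINE_LIST,
      MONITOR_PERMISSIONS.ONLINE_FORCE_LOGOUT,
      MONITOR_PERMISSIONS.LOGINLOG_LIST,
      MONITOR_PERMISSIONS.LOGINLOG_EXPORT,
      MONITOR_PERMISSIONS.LOGINLOG_DELETE,
      MONITOR_PERMISSIONS.OPERLOG_LIST,
      MONITOR_PERMISSIONS.OPERLOG_EXPORT,
      MONITOR_PERMISSIONS.OPERLOG_DELETE
    ]
  }
} as const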

/**
 * Default permission set for each built-in role, keyed by upper-case role name.
 *
 * Security notes:
 * - `SUPER_ADMIN` and `ADMIN` are derived with `Object.values()`, so any
 *   permission later added to `ALL_PERMISSIONS` / `SYSTEM_PERMISSIONS` is
 *   granted to them automatically. New sensitive permissions therefore need a
 *   deliberate review of these two roles.
 * - `as const` is a compile-time annotation only; the arrays below are not
 *   frozen at runtime, so code holding a reference could still mutate them.
 * - NOTE(review): `ADMIN` receives `system:role:edit` and
 *   `system:user:resetPassword`. If editing a role can change that role's own
 *   permission set, `ADMIN` could raise its own privileges to those of
 *   `SUPER_ADMIN` — confirm this is intended.
 * - NOTE(review): `PermissionUtils.isAdminRole` / `isSuperAdmin` match the
 *   lower-case codes `'admin'` / `'super_admin'`, while the keys here are
 *   upper-case — confirm which form callers actually pass.
 */
export const ROLE_PERMISSIONS = {
  // Super administrator - holds every permission
  SUPER_ADMIN: Object.values(ALL_PERMISSIONS),
  
  // System administrator - every system permission plus the monitor list views
  ADMIN: [
    ...Object.values(SYSTEM_PERMISSIONS),
    MONITOR_PERMISSIONS.ONLINE_LIST,
    MONITOR_PERMISSIONS.LOGINLOG_LIST,
    MONITOR_PERMISSIONS.OPERLOG_LIST
  ],
  
  // Regular user - basic permissions
  USER: [
    SYSTEM_PERMISSIONS.USER_VIEW,
    SYSTEM_PERMISSIONS.SETTINGS_VIEW
  ],
  
  // Guest - read-only permission
  GUEST: [
    SYSTEM_PERMISSIONS.USER_VIEW
  ]
} as const

/**
 * Human-readable label (in Chinese) for each permission, keyed by the
 * permission string itself.
 *
 * The table has one entry for every value of `SYSTEM_PERMISSIONS` and
 * `MONITOR_PERMISSIONS`. It is maintained by hand, so a newly added
 * permission needs a matching entry here.
 */
export const PERMISSION_DESCRIPTIONS = {
  [SYSTEM_PERMISSIONS.USER_LIST]: '查看用户列表',
  [SYSTEM_PERMISSIONS.USER_VIEW]: '查看用户详情',
  [SYSTEM_PERMISSIONS.USER_ADD]: '添加用户',
  [SYSTEM_PERMISSIONS.USER_EDIT]: '编辑用户',
  [SYSTEM_PERMISSIONS.USER_DELETE]: '删除用户',
  [SYSTEM_PERMISSIONS.USER_EXPORT]: '导出用户',
  [SYSTEM_PERMISSIONS.USER_IMPORT]: '导入用户',
  [SYSTEM_PERMISSIONS.USER_RESET_PASSWORD]: '重置用户密码',
  
  [SYSTEM_PERMISSIONS.ROLE_LIST]: '查看角色列表',
  [SYSTEM_PERMISSIONS.ROLE_VIEW]: '查看角色详情',
  [SYSTEM_PERMISSIONS.ROLE_ADD]: '添加角色',
  [SYSTEM_PERMISSIONS.ROLE_EDIT]: '编辑角色',
  [SYSTEM_PERMISSIONS.ROLE_DELETE]: '删除角色',
  [SYSTEM_PERMISSIONS.ROLE_EXPORT]: '导出角色',
  
  [SYSTEM_PERMISSIONS.MENU_LIST]: '查看菜单列表',
  [SYSTEM_PERMISSIONS.MENU_VIEW]: '查看菜单详情',
  [SYSTEM_PERMISSIONS.MENU_ADD]: '添加菜单',
  [SYSTEM_PERMISSIONS.MENU_EDIT]: '编辑菜单',
  [SYSTEM_PERMISSIONS.MENU_DELETE]: '删除菜单',
  
  [SYSTEM_PERMISSIONS.DEPT_LIST]: '查看部门列表',
  [SYSTEM_PERMISSIONS.DEPT_VIEW]: '查看部门详情',
  [SYSTEM_PERMISSIONS.DEPT_ADD]: '添加部门',
  [SYSTEM_PERMISSIONS.DEPT_EDIT]: '编辑部门',
  [SYSTEM_PERMISSIONS.DEPT_DELETE]: '删除部门',
  
  [SYSTEM_PERMISSIONS.SETTINGS_VIEW]: '查看系统设置',
  [SYSTEM_PERMISSIONS.SETTINGS_EDIT]: '编辑系统设置',
  [SYSTEM_PERMISSIONS.SETTINGS_EXPORT]: '导出系统设置',
  [SYSTEM_PERMISSIONS.SETTINGS_IMPORT]: '导入系统设置',
  [SYSTEM_PERMISSIONS.SETTINGS_RESET]: '重置系统设置',
  
  [SYSTEM_PERMISSIONS.CONFIG_VIEW]: '查看系统配置',
  [SYSTEM_PERMISSIONS.CONFIG_EDIT]: '编辑系统配置',
  
  [MONITOR_PERMISSIONS.ONLINE_LIST]: '查看在线用户',
  [MONITOR_PERMISSIONS.ONLINE_FORCE_LOGOUT]: '强制用户下线',
  [MONITOR_PERMISSIONS.LOGINLOG_LIST]: '查看登录日志',
  [MONITOR_PERMISSIONS.LOGINLOG_EXPORT]: '导出登录日志',
  [MONITOR_PERMISSIONS.LOGINLOG_DELETE]: '删除登录日志',
  [MONITOR_PERMISSIONS.OPERLOG_LIST]: '查看操作日志',
  [MONITOR_PERMISSIONS.OPERLOG_EXPORT]: '导出操作日志',
  [MONITOR_PERMISSIONS.OPERLOG_DELETE]: '删除操作日志'
} as const

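/**
 * Helper functions for querying the permission tables defined in this file.
 *
 * These helpers only inspect the arguments they are given. They do not
 * establish where a role or permission list came from, so they are suitable
 * for shaping what is displayed but cannot stand in for an authorization
 * check performed where the caller's identity is actually verified.
 */
export const PermissionUtils = {
  /**
   * Returns the display label for a permission.
   *
   * @param permission - Permission string, e.g. `system:user:list`.
   * @returns The label from `PERMISSION_DESCRIPTIONS`, or `permission` itself
   *   when the table has no entry for it.
   */
  getPermissionDescription: (permission: string): string => {
    // Own-property check: a plain bracket lookup also walks the prototype
    // chain, so keys such as "constructor" or "toString" would return a
    // function instead of a string.
    if (!Object.prototype.hasOwnProperty.call(PERMISSION_DESCRIPTIONS, permission)) {
      return permission
    }
    return PERMISSION_DESCRIPTIONS[permission as keyof typeof PERMISSION_DESCRIPTIONS] || permission
  },
  
  /**
   * Returns the default permission list for a role.
   *
   * @param role - Role key as used in `ROLE_PERMISSIONS` (upper-case there).
   * @returns A fresh mutable copy of the role's permissions, or an empty
   *   array when the role is not a key of `ROLE_PERMISSIONS`.
   */
  getRolePermissions: (role: string): string[] => {
    // Reject anything that is not an own key. Without this, inherited names
    // such as "constructor" or "__proto__" resolve to non-iterable values and
    // the spread below throws instead of failing closed with no permissions.
    if (!Object.prototype.hasOwnProperty.call(ROLE_PERMISSIONS, role)) {
      return []
    }
    const permissions = ROLE_PERMISSIONS[role as keyof typeof ROLE_PERMISSIONS]
    return [...permissions] // copy so callers cannot mutate the shared table
  },
  
  /**
   * Reports whether the role list contains an administrator role.
   *
   * NOTE(review): matches the lower-case codes `'admin'` / `'super_admin'`,
   * whereas `ROLE_PERMISSIONS` is keyed by `ADMIN` / `SUPER_ADMIN` — confirm
   * which form callers pass.
   *
   * @param roles - Role codes to inspect.
   * @returns `true` when `roles` includes `'admin'` or `'super_admin'`.
   */
  isAdminRole: (roles: string[]): boolean => {
    return roles.includes('admin') || roles.includes('super_admin')
  },
  
  /**
   * Reports whether the role list contains the super-administrator role.
   *
   * @param roles - Role codes to inspect.
   * @returns `true` when `roles` includes `'super_admin'`.
   */
  isSuperAdmin: (roles: string[]): boolean => {
    return roles.includes('super_admin')
  },
  
  /**
   * Finds the group that lists a permission.
   *
   * @param permission - Permission string to look up.
   * @returns The key of the first `PERMISSION_GROUP_MAP` entry whose
   *   `permissions` array contains it, or `null` when no group lists it.
   */
  getPermissionGroup: (permission: string): string | null => {
    for (const [group, config] of Object.entries(PERMISSION_GROUP_MAP)) {
      if ((config.permissions as readonly string[]).includes(permission)) {
        return group
      }
    }
    return null
  },
  
  /**
   * Collects the groups reachable from a set of permissions.
   *
   * @param permissions - Permission strings held by the user.
   * @returns The distinct group keys, in first-seen order; permissions that
   *   belong to no group are skipped.
   */
  getAccessibleGroups: (permissions: string[]): string[] => {
    const groups = new Set<string>()
    for (const permission of permissions) {
      const group = PermissionUtils.getPermissionGroup(permission)
      if (group) {
        groups.add(group)
      }
    }
    return Array.from(groups)
  }
}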
